Before .NET, managing Active Directory objects was a bit lengthy, and you needed a good knowledge of the principal store to get your head around what you wanted to do. We usually use the System.DirectoryServices namespace, but .NET 3.5 introduced System.DirectoryServices.AccountManagement, which manages directory objects independently of the System.DirectoryServices namespace.

So what are the advantages of using this? Everything is really simple in terms of managing a user, computer or group principal, and performing queries on the stores is much faster thanks to the Fast Concurrent Bind (FCB) feature, which caches the connection and so decreases the number of ports used in the process.

The code is divided into several regions, but here are the 5 key regions with their methods explained:

Validate Methods

ValidateCredentials – This Method will validate the user's credentials.

IsUserExpired – Checks if the User Account is Expired.

IsUserExisiting – Checks if the user exists in AD.

IsAccountLocked – Checks if the user account is locked.

Search Methods

GetUser – This will return a UserPrincipal Object if the User Exists

User Account Methods

SetUserPassword – This Method will set the User's Password

EnableUserAccount – This Method will Enable a User Account

DisableUserAccount – This Method will Disable the User Account

ExpireUserPassword – This Method will Force Expire a User's Password

UnlockUserAccount – This Method will unlock a User Account

CreateNewUser – This Method will Create a new User Directory Object

DeleteUser – This Method will Delete an AD User based on Username.

Group Methods

CreateNewGroup – This Method will create a New Active Directory Group

AddUserToGroup – This Method will add a User to a group

RemoveUserFromGroup – This Method will remove a User from a Group

IsUserGroupMember – This Method will Validate whether the User is a Member of a Group

GetUserGroups – This Method will return an ArrayList of a User's Group Memberships
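
The checks from the Validate Methods region can be combined into one sign-in decision. The following is an added example, not the code this post describes; the `AdSignInCheck` class, the `SignInResult` enum and the `corp.example.com` domain are hypothetical names. It assumes a domain-joined Windows host whose process identity can read user objects.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public enum SignInResult { Ok, UnknownUser, Disabled, Expired, LockedOut, BadCredentials }

public static class AdSignInCheck
{
    // Placeholder domain (assumption); replace with your own AD domain name.
    private const string Domain = "corp.example.com";

    public static SignInResult Check(string userName, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
        {
            // Existence check: FindByIdentity returns null when nothing matches.
            if (user == null) return SignInResult.UnknownUser;

            // Enabled is a nullable bool; only an explicit false means disabled.
            if (user.Enabled == false) return SignInResult.Disabled;

            // A null expiration date means the account never expires.
            DateTime? expires = user.AccountExpirationDate;
            if (expires.HasValue && expires.Value.ToUniversalTime() <= DateTime.UtcNow)
                return SignInResult.Expired;

            // Check lockout before binding, so a locked account is reported
            // without sending another bind attempt to the domain controller.
            if (user.IsAccountLockedOut()) return SignInResult.LockedOut;

            // Spell out the bind options instead of relying on defaults:
            // Negotiate with signing and sealing keeps the password off a
            // plain-text simple bind.
            const ContextOptions options =
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

            return ctx.ValidateCredentials(userName, password, options)
                ? SignInResult.Ok
                : SignInResult.BadCredentials;
        }
    }
}
```

Log the specific `SignInResult` on the server, but return one generic failure message to the caller so responses do not reveal which account names exist or are locked.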